Docs
PackagesFastly v8.7.0 published on Friday, May 10, 2024 by Pulumi
fastly.TlsCertificate
Explore with Pulumi AI
Uploads a custom TLS certificate to Fastly to be used to terminate TLS traffic.
Each TLS certificate must have its corresponding private key uploaded prior to uploading the certificate. This can be achieved in Pulumi using
depends_on
Example Usage
Basic usage:
import * as pulumi from "@pulumi/pulumi";
import * as fastly from "@pulumi/fastly";
import * as tls from "@pulumi/tls";
const key = new tls.index.PrivateKey("key", {algorithm: "RSA"});
const cert = new tls.index.SelfSignedCert("cert", {
keyAlgorithm: key.algorithm,
privateKeyPem: key.privateKeyPem,
subject: [{
commonName: "example.com",
}],
isCaCertificate: true,
validityPeriodHours: 360,
allowedUses: [
"cert_signing",
"server_auth",
],
dnsNames: ["example.com"],
});
const keyTlsPrivateKey = new fastly.TlsPrivateKey("key", {
keyPem: key.privateKeyPem,
name: "tf-demo",
});
const example = new fastly.TlsCertificate("example", {
name: "tf-demo",
certificateBody: cert.certPem,
}, {
dependsOn: [keyTlsPrivateKey],
});
import pulumi
import pulumi_fastly as fastly
import pulumi_tls as tls
key = tls.index.PrivateKey("key", algorithm=RSA)
cert = tls.index.SelfSignedCert("cert",
key_algorithm=key.algorithm,
private_key_pem=key.private_key_pem,
subject=[{
commonName: example.com,
}],
is_ca_certificate=True,
validity_period_hours=360,
allowed_uses=[
cert_signing,
server_auth,
],
dns_names=[example.com])
key_tls_private_key = fastly.TlsPrivateKey("key",
key_pem=key["privateKeyPem"],
name="tf-demo")
example = fastly.TlsCertificate("example",
name="tf-demo",
certificate_body=cert["certPem"],
opts=pulumi.ResourceOptions(depends_on=[key_tls_private_key]))
package main
import (
"github.com/pulumi/pulumi-fastly/sdk/v8/go/fastly"
"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
key, err := tls.NewPrivateKey(ctx, "key", &tls.PrivateKeyArgs{
Algorithm: "RSA",
})
if err != nil {
return err
}
cert, err := tls.NewSelfSignedCert(ctx, "cert", &tls.SelfSignedCertArgs{
KeyAlgorithm: key.Algorithm,
PrivateKeyPem: key.PrivateKeyPem,
Subject: []map[string]interface{}{
map[string]interface{}{
"commonName": "example.com",
},
},
IsCaCertificate: true,
ValidityPeriodHours: 360,
AllowedUses: []string{
"cert_signing",
"server_auth",
},
DnsNames: []string{
"example.com",
},
})
if err != nil {
return err
}
keyTlsPrivateKey, err := fastly.NewTlsPrivateKey(ctx, "key", &fastly.TlsPrivateKeyArgs{
KeyPem: key.PrivateKeyPem,
Name: pulumi.String("tf-demo"),
})
if err != nil {
return err
}
_, err = fastly.NewTlsCertificate(ctx, "example", &fastly.TlsCertificateArgs{
Name: pulumi.String("tf-demo"),
CertificateBody: cert.CertPem,
}, pulumi.DependsOn([]pulumi.Resource{
keyTlsPrivateKey,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fastly = Pulumi.Fastly;
using Tls = Pulumi.Tls;
return await Deployment.RunAsync(() =>
{
var key = new Tls.Index.PrivateKey("key", new()
{
Algorithm = "RSA",
});
var cert = new Tls.Index.SelfSignedCert("cert", new()
{
KeyAlgorithm = key.Algorithm,
PrivateKeyPem = key.PrivateKeyPem,
Subject = new[]
{
{
{ "commonName", "example.com" },
},
},
IsCaCertificate = true,
ValidityPeriodHours = 360,
AllowedUses = new[]
{
"cert_signing",
"server_auth",
},
DnsNames = new[]
{
"example.com",
},
});
var keyTlsPrivateKey = new Fastly.TlsPrivateKey("key", new()
{
KeyPem = key.PrivateKeyPem,
Name = "tf-demo",
});
var example = new Fastly.TlsCertificate("example", new()
{
Name = "tf-demo",
CertificateBody = cert.CertPem,
}, new CustomResourceOptions
{
DependsOn =
{
keyTlsPrivateKey,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tls.privateKey;
import com.pulumi.tls.PrivateKeyArgs;
import com.pulumi.tls.selfSignedCert;
import com.pulumi.tls.SelfSignedCertArgs;
import com.pulumi.fastly.TlsPrivateKey;
import com.pulumi.fastly.TlsPrivateKeyArgs;
import com.pulumi.fastly.TlsCertificate;
import com.pulumi.fastly.TlsCertificateArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var key = new PrivateKey("key", PrivateKeyArgs.builder()
.algorithm("RSA")
.build());
var cert = new SelfSignedCert("cert", SelfSignedCertArgs.builder()
.keyAlgorithm(key.algorithm())
.privateKeyPem(key.privateKeyPem())
.subject(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.isCaCertificate(true)
.validityPeriodHours(360)
.allowedUses(
"cert_signing",
"server_auth")
.dnsNames("example.com")
.build());
var keyTlsPrivateKey = new TlsPrivateKey("keyTlsPrivateKey", TlsPrivateKeyArgs.builder()
.keyPem(key.privateKeyPem())
.name("tf-demo")
.build());
var example = new TlsCertificate("example", TlsCertificateArgs.builder()
.name("tf-demo")
.certificateBody(cert.certPem())
.build(), CustomResourceOptions.builder()
.dependsOn(keyTlsPrivateKey)
.build());
}
}
resources:
key:
type: tls:privateKey
properties:
algorithm: RSA
cert:
type: tls:selfSignedCert
properties:
keyAlgorithm: ${key.algorithm}
privateKeyPem: ${key.privateKeyPem}
subject:
- commonName: example.com
isCaCertificate: true
validityPeriodHours: 360
allowedUses:
- cert_signing
- server_auth
dnsNames:
- example.com
keyTlsPrivateKey:
type: fastly:TlsPrivateKey
name: key
properties:
keyPem: ${key.privateKeyPem}
name: tf-demo
example:
type: fastly:TlsCertificate
properties:
name: tf-demo
certificateBody: ${cert.certPem}
options:
dependson:
- ${keyTlsPrivateKey}
Updating certificates
There are three scenarios for updating a certificate:
- The certificate is about to expire but the private key stays the same.
- The certificate is about to expire but the private key is changing.
- The domains on the certificate are changing.
In the first scenario you only need to update the certificate_body attribute of the fastly.TlsCertificate resource, while the other scenarios require a new private key (fastly.TlsPrivateKey) and certificate (fastly.TlsCertificate) to be generated.
When updating both the fastly.TlsPrivateKey and fastly.TlsCertificate resources, they should be done in multiple plan/apply steps to avoid potential downtime. The new certificate and associated private key must first be created so they exist alongside the currently active resources. Once the new resources have been created, then the fastly.TlsActivation can be updated to point to the new certificate. Finally, the original key/certificate resources can be deleted.
Create TlsCertificate Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new TlsCertificate(name: string, args: TlsCertificateArgs, opts?: CustomResourceOptions);@overload
def TlsCertificate(resource_name: str,
args: TlsCertificateArgs,
opts: Optional[ResourceOptions] = None)
@overload
def TlsCertificate(resource_name: str,
opts: Optional[ResourceOptions] = None,
certificate_body: Optional[str] = None,
name: Optional[str] = None)func NewTlsCertificate(ctx *Context, name string, args TlsCertificateArgs, opts ...ResourceOption) (*TlsCertificate, error)public TlsCertificate(string name, TlsCertificateArgs args, CustomResourceOptions? opts = null)
public TlsCertificate(String name, TlsCertificateArgs args)
public TlsCertificate(String name, TlsCertificateArgs args, CustomResourceOptions options)
type: fastly:TlsCertificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args TlsCertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args TlsCertificateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args TlsCertificateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args TlsCertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args TlsCertificateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var tlsCertificateResource = new Fastly.TlsCertificate("tlsCertificateResource", new()
{
CertificateBody = "string",
Name = "string",
});
example, err := fastly.NewTlsCertificate(ctx, "tlsCertificateResource", &fastly.TlsCertificateArgs{
CertificateBody: pulumi.String("string"),
Name: pulumi.String("string"),
})
var tlsCertificateResource = new TlsCertificate("tlsCertificateResource", TlsCertificateArgs.builder()
.certificateBody("string")
.name("string")
.build());
tls_certificate_resource = fastly.TlsCertificate("tlsCertificateResource",
certificate_body="string",
name="string")
const tlsCertificateResource = new fastly.TlsCertificate("tlsCertificateResource", {
certificateBody: "string",
name: "string",
});
type: fastly:TlsCertificate
properties:
certificateBody: string
name: string
TlsCertificate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The TlsCertificate resource accepts the following input properties:
- Certificate
Body string - PEM-formatted certificate, optionally including any intermediary certificates.
- Name string
- Human-readable name used to identify the certificate. Defaults to the certificate's Common Name or first Subject Alternative Name entry.
- Certificate
Body string - PEM-formatted certificate, optionally including any intermediary certificates.
- Name string
- Human-readable name used to identify the certificate. Defaults to the certificate's Common Name or first Subject Alternative Name entry.
- certificate
Body String - PEM-formatted certificate, optionally including any intermediary certificates.
- name String
- Human-readable name used to identify the certificate. Defaults to the certificate's Common Name or first Subject Alternative Name entry.
- certificate
Body string - PEM-formatted certificate, optionally including any intermediary certificates.
- name string
- Human-readable name used to identify the certificate. Defaults to the certificate's Common Name or first Subject Alternative Name entry.
- certificate_
body str - PEM-formatted certificate, optionally including any intermediary certificates.
- name str
- Human-readable name used to identify the certificate. Defaults to the certificate's Common Name or first Subject Alternative Name entry.
- certificate
Body String - PEM-formatted certificate, optionally including any intermediary certificates.
- name String
- Human-readable name used to identify the certificate. Defaults to the certificate's Common Name or first Subject Alternative Name entry.
Outputs
All input properties are implicitly available as output properties. Additionally, the TlsCertificate resource produces the following output properties:
- Created
At string - Timestamp (GMT) when the certificate was created.
- Domains List<string>
- All the domains (including wildcard domains) that are listed in the certificate's Subject Alternative Names (SAN) list.
- Id string
- The provider-assigned unique ID for this managed resource.
- Issued
To string - The hostname for which a certificate was issued.
- Issuer string
- The certificate authority that issued the certificate.
- Replace bool
- A recommendation from Fastly indicating the key associated with this certificate is in need of rotation.
- Serial
Number string - A value assigned by the issuer that is unique to a certificate.
- Signature
Algorithm string - The algorithm used to sign the certificate.
- Updated
At string - Timestamp (GMT) when the certificate was last updated.
- Created
At string - Timestamp (GMT) when the certificate was created.
- Domains []string
- All the domains (including wildcard domains) that are listed in the certificate's Subject Alternative Names (SAN) list.
- Id string
- The provider-assigned unique ID for this managed resource.
- Issued
To string - The hostname for which a certificate was issued.
- Issuer string
- The certificate authority that issued the certificate.
- Replace bool
- A recommendation from Fastly indicating the key associated with this certificate is in need of rotation.
- Serial
Number string - A value assigned by the issuer that is unique to a certificate.
- Signature
Algorithm string - The algorithm used to sign the certificate.
- Updated
At string - Timestamp (GMT) when the certificate was last updated.
- created
At String - Timestamp (GMT) when the certificate was created.
- domains List<String>
- All the domains (including wildcard domains) that are listed in the certificate's Subject Alternative Names (SAN) list.
- id String
- The provider-assigned unique ID for this managed resource.
- issued
To String - The hostname for which a certificate was issued.
- issuer String
- The certificate authority that issued the certificate.
- replace Boolean
- A recommendation from Fastly indicating the key associated with this certificate is in need of rotation.
- serial
Number String - A value assigned by the issuer that is unique to a certificate.
- signature
Algorithm String - The algorithm used to sign the certificate.
- updated
At String - Timestamp (GMT) when the certificate was last updated.
- created
At string - Timestamp (GMT) when the certificate was created.
- domains string[]
- All the domains (including wildcard domains) that are listed in the certificate's Subject Alternative Names (SAN) list.
- id string
- The provider-assigned unique ID for this managed resource.
- issued
To string - The hostname for which a certificate was issued.
- issuer string
- The certificate authority that issued the certificate.
- replace boolean
- A recommendation from Fastly indicating the key associated with this certificate is in need of rotation.
- serial
Number string - A value assigned by the issuer that is unique to a certificate.
- signature
Algorithm string - The algorithm used to sign the certificate.
- updated
At string - Timestamp (GMT) when the certificate was last updated.
- created_
at str - Timestamp (GMT) when the certificate was created.
- domains Sequence[str]
- All the domains (including wildcard domains) that are listed in the certificate's Subject Alternative Names (SAN) list.
- id str
- The provider-assigned unique ID for this managed resource.
- issued_
to str - The hostname for which a certificate was issued.
- issuer str
- The certificate authority that issued the certificate.
- replace bool
- A recommendation from Fastly indicating the key associated with this certificate is in need of rotation.
- serial_
number str - A value assigned by the issuer that is unique to a certificate.
- signature_
algorithm str - The algorithm used to sign the certificate.
- updated_
at str - Timestamp (GMT) when the certificate was last updated.
- created
At String - Timestamp (GMT) when the certificate was created.
- domains List<String>
- All the domains (including wildcard domains) that are listed in the certificate's Subject Alternative Names (SAN) list.
- id String
- The provider-assigned unique ID for this managed resource.
- issued
To String - The hostname for which a certificate was issued.
- issuer String
- The certificate authority that issued the certificate.
- replace Boolean
- A recommendation from Fastly indicating the key associated with this certificate is in need of rotation.
- serial
Number String - A value assigned by the issuer that is unique to a certificate.
- signature
Algorithm String - The algorithm used to sign the certificate.
- updated
At String - Timestamp (GMT) when the certificate was last updated.
Look up Existing TlsCertificate Resource
Get an existing TlsCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: TlsCertificateState, opts?: CustomResourceOptions): TlsCertificate@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
certificate_body: Optional[str] = None,
created_at: Optional[str] = None,
domains: Optional[Sequence[str]] = None,
issued_to: Optional[str] = None,
issuer: Optional[str] = None,
name: Optional[str] = None,
replace: Optional[bool] = None,
serial_number: Optional[str] = None,
signature_algorithm: Optional[str] = None,
updated_at: Optional[str] = None) -> TlsCertificatefunc GetTlsCertificate(ctx *Context, name string, id IDInput, state *TlsCertificateState, opts ...ResourceOption) (*TlsCertificate, error)public static TlsCertificate Get(string name, Input<string> id, TlsCertificateState? state, CustomResourceOptions? opts = null)public static TlsCertificate get(String name, Output<String> id, TlsCertificateState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Certificate
Body string - PEM-formatted certificate, optionally including any intermediary certificates.
- Created
At string - Timestamp (GMT) when the certificate was created.
- Domains List<string>
- All the domains (including wildcard domains) that are listed in the certificate's Subject Alternative Names (SAN) list.
- Issued
To string - The hostname for which a certificate was issued.
- Issuer string
- The certificate authority that issued the certificate.
- Name string
- Human-readable name used to identify the certificate. Defaults to the certificate's Common Name or first Subject Alternative Name entry.
- Replace bool
- A recommendation from Fastly indicating the key associated with this certificate is in need of rotation.
- Serial
Number string - A value assigned by the issuer that is unique to a certificate.
- Signature
Algorithm string - The algorithm used to sign the certificate.
- Updated
At string - Timestamp (GMT) when the certificate was last updated.
- Certificate
Body string - PEM-formatted certificate, optionally including any intermediary certificates.
- Created
At string - Timestamp (GMT) when the certificate was created.
- Domains []string
- All the domains (including wildcard domains) that are listed in the certificate's Subject Alternative Names (SAN) list.
- Issued
To string - The hostname for which a certificate was issued.
- Issuer string
- The certificate authority that issued the certificate.
- Name string
- Human-readable name used to identify the certificate. Defaults to the certificate's Common Name or first Subject Alternative Name entry.
- Replace bool
- A recommendation from Fastly indicating the key associated with this certificate is in need of rotation.
- Serial
Number string - A value assigned by the issuer that is unique to a certificate.
- Signature
Algorithm string - The algorithm used to sign the certificate.
- Updated
At string - Timestamp (GMT) when the certificate was last updated.
- certificate
Body String - PEM-formatted certificate, optionally including any intermediary certificates.
- created
At String - Timestamp (GMT) when the certificate was created.
- domains List<String>
- All the domains (including wildcard domains) that are listed in the certificate's Subject Alternative Names (SAN) list.
- issued
To String - The hostname for which a certificate was issued.
- issuer String
- The certificate authority that issued the certificate.
- name String
- Human-readable name used to identify the certificate. Defaults to the certificate's Common Name or first Subject Alternative Name entry.
- replace Boolean
- A recommendation from Fastly indicating the key associated with this certificate is in need of rotation.
- serial
Number String - A value assigned by the issuer that is unique to a certificate.
- signature
Algorithm String - The algorithm used to sign the certificate.
- updated
At String - Timestamp (GMT) when the certificate was last updated.
- certificate
Body string - PEM-formatted certificate, optionally including any intermediary certificates.
- created
At string - Timestamp (GMT) when the certificate was created.
- domains string[]
- All the domains (including wildcard domains) that are listed in the certificate's Subject Alternative Names (SAN) list.
- issued
To string - The hostname for which a certificate was issued.
- issuer string
- The certificate authority that issued the certificate.
- name string
- Human-readable name used to identify the certificate. Defaults to the certificate's Common Name or first Subject Alternative Name entry.
- replace boolean
- A recommendation from Fastly indicating the key associated with this certificate is in need of rotation.
- serial
Number string - A value assigned by the issuer that is unique to a certificate.
- signature
Algorithm string - The algorithm used to sign the certificate.
- updated
At string - Timestamp (GMT) when the certificate was last updated.
- certificate_
body str - PEM-formatted certificate, optionally including any intermediary certificates.
- created_
at str - Timestamp (GMT) when the certificate was created.
- domains Sequence[str]
- All the domains (including wildcard domains) that are listed in the certificate's Subject Alternative Names (SAN) list.
- issued_
to str - The hostname for which a certificate was issued.
- issuer str
- The certificate authority that issued the certificate.
- name str
- Human-readable name used to identify the certificate. Defaults to the certificate's Common Name or first Subject Alternative Name entry.
- replace bool
- A recommendation from Fastly indicating the key associated with this certificate is in need of rotation.
- serial_
number str - A value assigned by the issuer that is unique to a certificate.
- signature_
algorithm str - The algorithm used to sign the certificate.
- updated_
at str - Timestamp (GMT) when the certificate was last updated.
- certificate
Body String - PEM-formatted certificate, optionally including any intermediary certificates.
- created
At String - Timestamp (GMT) when the certificate was created.
- domains List<String>
- All the domains (including wildcard domains) that are listed in the certificate's Subject Alternative Names (SAN) list.
- issued
To String - The hostname for which a certificate was issued.
- issuer String
- The certificate authority that issued the certificate.
- name String
- Human-readable name used to identify the certificate. Defaults to the certificate's Common Name or first Subject Alternative Name entry.
- replace Boolean
- A recommendation from Fastly indicating the key associated with this certificate is in need of rotation.
- serial
Number String - A value assigned by the issuer that is unique to a certificate.
- signature
Algorithm String - The algorithm used to sign the certificate.
- updated
At String - Timestamp (GMT) when the certificate was last updated.
Import
A certificate can be imported using its Fastly certificate ID, e.g.
$ pulumi import fastly:index/tlsCertificate:TlsCertificate demo xxxxxxxxxxx
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Fastly pulumi/pulumi-fastly
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fastlyTerraform Provider.